Thursday 19 February 2015

User Upgrade or vandalism?

Yesterday morning I got up, logged into my machine and booted my browser. And discovered that the interface had changed, all my stored data was lost, my profile was corrupted, and the browser was locking into a restart cycle. Not want you want at 7a.m., but I honestly thought I’d been hacked or had a hardware fail. When I restarted, I had to run checkdisc because the corruption had spread to data.  

The cause: The Mozilla Foundation. 

Computer Rage
Computer Rage
Kevin Curtis
Buy This
at Allposters.com

I have updates turned off on Firefox, which you might be aware of after their last attempt to trash my machine update my browser (details here). Despite all browser updates being turned off, and Mozilla Maintenance Malware Service being disabled, they’d done a forcible push to upgrade me to Firefox Beta.   In the process it destroyed my stored sessions and profiles, caused conflicts with two add-ons which actually caused corruption on my harddrive, and locked my browser into a crash/restart cycle. For the first time in my entire career I had to system restore my own machine.  

This isn’t a user upgrade. This is vandalism.  

Worse, ignoring the fact that updates have been declined and sending them anyway, is hacking.

Now, Firefox says that you should allow updates for security. There’s a problem with this: 
a) I can block updates and have a browser that may be hacked and my data taken, stored somewhere out of my control and used for purposes I am not aware of.
or
b) I can allow updates and know for sure my data is being taken, stored somewhere out of my control, and used for purposes I am not aware of. 

Now under case a), I can lock the browser down to prevent extras running. The update process removes this lock-down every time it updates, opening your browser to external access and running programs you don’t want.  

Specific Examples:
I don’t have flash, and video was disabled.
  • Firefox’s forcible update to Beta enabled both of these, which opens a security hole that wasn’t there.
I had ActiveX disabled.
  • Not any more.
I had Java disabled.
  • Yeah, gu ess…
I had very limited data going out to the web.
  • Firefox now sends my data in unencrypted format over the web, saying exactly which site I was on, my add-ons etc.
I have sync turned off.
  • Firefox keeps trying to turn it on, a.k.a. take stored password and user data and store it unencrypted in the cloud.
I had updates turned off.
  • Firefox ignored this, pushing unwanted software onto my machine and doing significant damage. 
Fortunately I was the only one hit – my co-workers were warned, booted their machines offline, and blocked the update.

Five hours, Mozilla. Five hours to recover lost data caused by your system intrusion. I should be charging day rate.  

The most damning part is that it doesn’t matter what I switch my settings to, every time I open Firefox now, updates are turned back on and it keeps trying to get me to use sync. I’ve g iven up. I’m not switching my settings anymore. I’ve switched my browser.  

Opera does for some of it, and I’ve another couple of alternatives for specific purposes.  I know the new one I’m using is not as secure. But it has a 1% chance of sharing my data, compared to Firefox’s 100% – and it has less chance of wiping out my PC. 

Update: To my complete horror, I found out this morning that the update from Firefox destroyed my SQLite databases and systems. I found this out because it did it again when it tried to update again. This is the second system restore in two days, and sadly Firefox is no longer a browser I can have on my system even as a backup. It’s done too much damage.

Alternative browsers:
Opera – Yes, I am an opera user right now.
Chrome – not so good if you want privacy
IE – useless to XP owners now (MS, you’re losing a m arket here, charge an annual maintenance fee…).
Seamonkey – opensource Firefox from Debian
Firefox 28 – yes the old version still floats around. I can throw my own .exe of it up if people like.
Safari – normally a Mac browser, but there are versions for windows. 

There are also a few new contendors:
Whitehat Aviator – Looks nice, but give it a few months to let it get over teething problems
Midori – crashes on install because of broken dlls, so not for the non-technical who can’t fix this.

Iceweasel is a problem. It is a good linux browser, but some of the windows versions floating around come with unwanted extras, and rumour has it a trojan, so it is probably not worth taking a chance on.

But I am still bloody furious. An entire unnecessary repair job because Mozilla can’t honour update preferences.

Sick Computer
Sick Computer
Pop Ink – CSA…
Buy This at Allposters.com

 




This blog has now moved to http://www.rablogs.co.uk/tirial, where the original article can be found.  User Upgrade or vandalism? - http://rablogs.co.uk/tirial/2015/02/19/user-upgrade-or-vandalism/ was published on February 19, 2015 at 8:55 am.

No comments: